Data thieves strike again, this time with fitness buffs — last Thursday, Under Armour disclosed that data tied to its fitness app MyFitnessPal was breached, affecting 150m user accounts.
The stolen data includes account usernames, email addresses, and scrambled passwords for both the app and its website, sending shares of the athletic apparel maker down 3%.
Oh yeah, it’s also one of the largest data hacks in history
MFP’s breach is certainly the largest this year, and one of the top 5 ever, based on the number of records compromised (for reference, the Equifax hack affected about 145m accounts).
Larger breaches in the hack hall of fame include 3B Yahoo accounts in 2013, and the credentials of more than 412m users of adult websites run by FriendFinder Networks in 2016.
So what happens now?
According to the company, the breach occurred in February, and they began notifying customers at the end of March, 4 days after they were made aware of the hacks — more than companies like Equifax (which took over a month), or Uber (which took over a year) can say.
On the bright side, Under Armour had a system in place to protect goods like addresses, birthdays, and payment info from being scooped — on the not so-bright side, a lot of that can be gleaned from an email account.